I have successfully added two factor authentication to my Secret Server installation using Totp tokens (Google Authenticator). This is relatively simple process patching together FreeRadius (http:// www.freeradius.org) to do the radius part and totpcgi (https://github.com/mricon/totp-cgi/) to administer the tokens.

I would do a writeup except that I basically just followed these great instructions over here: http://vcdxorbust.com/totpcgi-and-freeradius-with-vmware-view and have very little to add to them. Except the simple change to add the radius server and shared secret to the Secret Server configuration and you have to change /etc/totpcgi/totpcgi.conf to set require_pincode to False. This means that the provisioning screen requires authentication against Active Directory but the token authentication process doesn’t.Have funSpörri